Using Windows Firewall To Block Updates


  1. Posts : 129
    windows 10
       #1

    Using Windows Firewall To Block Updates


    I have a few PC's and they have multiple connections to the internet. These connections appear on each PC as a different network. One of the connections is very expensive and metered, so I don't want Windows updating when the primary connection is down and the secondary only is available. For most applications, what I have done is created rules in the firewall to block/allow them on specific networks, but the most dangerous application of all is Windows Update. In ten minutes that can use my entire monthly allowance and then run me in to a huge bill! It's essential that I stop Windows Update using the fail-over network. Does anyone know what application should be blocked in the firewall to stop Windows Update?
      My Computer

  2. TairikuOkami's Avatar
    Posts : 4,758
    Windows Home Dev 21xxx x64
       #2

    davefaz said:
    Does anyone know what application should be blocked in the firewall to stop Windows Update?
    The app is svchost.exe, it is used for DNS request, among other things. You could block ports 80/443 or specific IPs related to WU, but it might block some other functionality as well. You could set your connection to metered, that should prevent downloading WU, but you can not check for them or they will start downloading ASAP.

    Wireless Network Metered Connection - Set in Windows 10 - Windows 10 Forums

    Ethernet Connection - Set as Metered or Unmetered in Windows 10 - Windows 10 Forums
      My Computer


  3. Posts : 2
    Win 10 Pro, Ubuntu 14.04
       #3

    I don't know how 'do-able' this is in Windows (bearing in mind I have a Linux background !!) but.....

    Windows update depends on the BITS (Background Intelligent Transfer Service) running. If it's not, then it can't check or download updates.

    So, I'd be looking to write a script (triggered from task scheduler) that checks if the primary connection is up and if not, turns off BITS. If it is up, it'd just restart the service.

    Doing it this way would ensure no updates can occur if the primary connection is unavailable. This is pretty simple to write under a Linux shell but I have no idea (yet !!) if it can be done with a simple batch or powershell script. I would imagine however that it can be.
      My Computer


 

  Related Discussions
Our Sites
Site Links
About Us
Windows 10 Forums is an independent web site and has not been authorized, sponsored, or otherwise approved by Microsoft Corporation. "Windows 10" and related materials are trademarks of Microsoft Corp.

Designer Media Ltd
All times are GMT -5. The time now is 17:31.
Find Us




Windows 10 Forums